Passwords are easily phished, captured, replayed, or otherwise compromised. To address weaknesses in passwords, two-factor authentication was developed and now is commonly deployed by websites and companies. Most two-factor authentication systems operate by adding an additional security challenge after prompting a user for primary password-based authentication.
One model of two-factor authentication utilizes one-time passcodes (OTPs). In this model, the user employs an OTP-generating device to generate a short, user friendly passcode (usually 6 or 8 numeric digits) and then provides that passcode to the validating service (usually by typing it in to an input box).
The OTP-generating device and the validating server both share a secret and employ an algorithm that allows them to agree upon what passcode to expect. OATH HOTP and TOTP are two open standards for OTP-based authentication.
Due to the nature of OTP-based authentication standards, OTP authentication requires the use of symmetric cryptography; therefore, both the validating server and the OTP-generating device must store the same symmetric cryptographic key. Unfortunately, this means that if the validating server is compromised, every device capable of validating with the server is at risk. Thus, there is a need in the authentication field to create a new and useful method for key rotation. This invention provides such a new and useful method.